vjw0rm | 2c962931cbd7724909e416952b21f412890801380aea4e17e5590fc3f6c6e798 | Triage

Sharing

General

Target

ZXTEJDJGDMND.js.zip
Size

6KB
Sample

211221-yclyvsfcdl
MD5

c7817e5626d7e3d4ba2b0adf4e3654da
SHA1

55d8497cf4562b808b8726a6c0f2680443dbd159
SHA256

2c962931cbd7724909e416952b21f412890801380aea4e17e5590fc3f6c6e798
SHA512

163bc1ffd6c00e12a8f7b0d347be5b2410d76a49d95cd6f12144f6bb750283b2f201fad747e8e25cb9c12bba015fa1965b73657cab9562bc4c1df222f9d7ec72

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  ZXTEJDJGDMND.js
- Size
  
  9KB
- MD5
  
  4bf6f13902c5c69baf11914cc4c6eb4c
- SHA1
  
  5fcb4b1f0092a79c2f050c678a69fbc6ee8e2852
- SHA256
  
  d1d87467831ba4b691160509772995bb99ce7d2abcc96bd6b6cdd6ec1af058dc
- SHA512
  
  1b3ecdf7dd4a8541c80d0fa51359228bdb10687715697cb1ceaea8e14d36db5f6f53425a3e5f065797faf2ff8ebdc7c9afe5e32a9149de1d81e79b68a10dbaa9
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm